Zentyal Forum, Linux Small Business Server

Zentyal Server => Email and Groupware => Topic started by: pgioia on July 11, 2019, 07:31:31 pm

Title: spamassassin
Post by: pgioia on July 11, 2019, 07:31:31 pm
I need to add a rule of type * .icu to the blacklist, but the guide does not allow it and it is not seen in the file.
Title: Re: spamassassin
Post by: doncamilo on July 15, 2019, 04:25:17 pm
Hi! :)

If you know how to create the rule that you need, you have to follow these steps:

Code: [Select]
sudo mkdir /etc/zentyal/stubs/mailfilter
sudo cp /usr/share/zentyal/stubs/mailfilter/local.cf.mas  /etc/zentyal/stubs/mailfilter/local.cf.mas

Edit the rule on the /etc/zentyal/stubs/mailfilter/
local.cf.mas file and restart the service.

Here you have the documentation in order to customizing spamassasin with custom rules.

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules

Cheers!
Title: Re: spamassassin
Post by: pgioia on July 18, 2019, 02:41:46 pm
hi doncamilo


What I need is to block an A Top-Level Domain (TLD) as .icu?

and I do not see how I can achieve what you tell me, if you could clarify a bit more I would appreciate it
Title: Re: spamassassin
Post by: doncamilo on July 22, 2019, 10:59:38 am
Hi!

Here https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html (https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html) you can see why you can't blacklisted the top level domain as a whole:
"Whitelist and blacklist addresses are now file-glob-style patterns, so friend@somewhere.com, *@isp.com, or *.domain.net will all work. Specifically, * and ? are allowed, but all other metacharacters are not. Regular expressions are not used for security reasons."
According to the doc the glob '*' symbol seems to be forbidden after the "@" symbol.
So you'll have to use a custom filter: (read this https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules)
Another option is to catch those *.icu e-mail on SMTP in order to reject them. This way your spam folder will be void! (read this: https://www.virtualmin.com/node/53157 )
In order to give you a more specific answer I'll would have to do some trials, so tell me what solution do you like in order to reach your goal.
If you want to do your own trials, you have to run these commands:
Code: [Select]
sudo  mkdir -p /etc/zentyal/stubs/mailfilter
sudo cp /usr/share/zentyal/stubs/mailfilter/local.cf.mas  /etc/zentyal/stubs/mailfilter/local.cf.mas
All you settings have to be done in '/etc/zentyal/stubs/mailfilter/local.cf.mas'
Code: [Select]
#Add this:
header      LOCAL_FROM_TLD  From   =~ /@[a-z0-9\-\.]+\.(icu)/i
describe    LOCAL_FROM_TLD         From address is a TLD listed in line 1
score       LOCAL_FROM_TLD  11

Afterwards, run this command in order to restart the mailfilter service:
Code: [Select]
sudo zs mailfilter restart
Cheers!
Title: Re: spamassassin
Post by: pgioia on July 24, 2019, 04:35:24 pm
I think the option is to detect those * .icu emails in SMTP to be able to reject them is the most interesting.